The RFID technology is an essential component to implement a world of total control. RFID transponders are inexpensive and extremely small. They could be included in everyday objects and citizens can hardly detect their presence. RFID readers create a magnetic field that can activate the RFID transponders remotely without the consent of their owner. However, RFID is not inherently harmful: tiny wireless memory storage can have a useful purpose. It is therefore necessary to address the privacy problems it creates at a social, legal and technical level[1].

Consumer lobbies[2] and other non profit organizations raise awareness of the public. A controversial climate is generated by the cynical attitude of some organizations whose purpose seems to spread the RFID technology by deliberately minimizing its impact on privacy[3]. The rights for privacy and freedom are in conflict with a desire for more surveillance and control. The outcome of this battle will draw the social and legal boundaries in which RFID will become acceptable.

An essential and often neglected aspect when dealing with implements impacting privacy is the control over the technology itself. When citizens become increasingly accustomed to a technology, their freedom and privacy depend on who is in control. For instance, if citizens were vastly willing to add a privacy protecting feature in their web browser, they would have to ask for permission to a single company who has exclusive control of more that 90% of the web browsers in use. Although users theoretically have the choice to switch to another web browser, in practice 90% of them depend on the will of a single company.

The RFID technology includes hardware, protocols and software. The hardware is controlled by a small number of patent holders[4] and is partially normalized (ISO/IEC). The protocol used to establish a dialog between a RFID reader and a RFID transponder is defined by an international standard (ISO/IEC-15693-3) and its software implementation is not subject to control by a known patent holder. At the date of this writing (July 2003), http://nongnu.org/projects/rfid/ is the only Free Software application that empowers every citizen to take advantage of the RFID technology without asking for permission to a third party. Most companies producing RFID hardware (readers and transponders) provide proprietary software for their products and forbid users to independently adapt it to their needs.

The making of the standards (ISO/IEC-15693 and the forthcoming ISO/IEC-18000) is vastly dominated by hardware manufacturers. Because citizens were not represented, the ISO/IEC-15693-3 protocol has no features addressing privacy issues, such as the ability to permanently shutdown a RFID transponder. Alain Berthon, editor of ISO/IEC-15693-3, suggests[5] that people willing to influence the content of the standards get in touch with national representations of the standard working groups. For instance, the secretary of the French commission is Mrs Catherine Protic (AFNOR, catherine.protic@afnor.fr): she could use well written statements to push for functionalities protecting privacy. Copies of these statements should be sent to rfid-privacy@nongnu.org for archival.

Although RFID was initially developed for surveillance and control, it may become a useful general purpose technology. The social and legal boundaries in which it is allowed to spread are being defined but the control of the technology must not be under-estimated. The availability of Free Software based solutions relieves citizens from the undesirable dependence on proprietary software vendors. Citizens should also participate in the making of the international standards so that their legitimate need for privacy and independence is not overlooked.